CVE-2001-1010
published 2001-07-22CVE-2001-1010: Directory traversal vulnerability in pagecount CGI script in Sambar Server before 5.0 beta 5 allows remote attackers to overwrite arbitrary files via a .. (dot…
PriorityP428medium5CVSS 2.0
AVNACLAuNCNIPAN
EXPLOIT
EPSS
7.02%
93.4th percentile
Directory traversal vulnerability in pagecount CGI script in Sambar Server before 5.0 beta 5 allows remote attackers to overwrite arbitrary files via a .. (dot dot) attack on the page parameter.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| sambar | sambar_server | — | — |
| sambar | sambar_server | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
Sambar Server 4.4/5.0 - 'pagecount' File Overwrite
exploitdb·2001-07-22
CVE-2001-1010 Sambar Server 4.4/5.0 - 'pagecount' File Overwrite
Sambar Server 4.4/5.0 - 'pagecount' File Overwrite
---
source: https://www.securityfocus.com/bid/3091/info
Sambar Server is a multi-threaded HTTP server for Microsoft Windows and Unix systems.
Sambar WWW Server is bundled with a sample script('pagecount') which creates temporary files on the host. However, it is possible for a remote attacker to craft a web request which will cause pagecount to overwrite existing files. Files attacked in this manner will be corrupted.
Loss of critical data and a denial of services may occur if system files are overwritten.
http://sambarserver/session/pagecount?page=index will create a file in Sambar temp directory with name 'index'
http://sambarserver/session/pagecount?page=../../../../../../autoexec.bat then the script will rewrite the first symbol
Exploit-DB
Solaris 8 mailtool - Local Buffer Overflow
exploitdb·2001-06-01
CVE-2001-0526 Solaris 8 mailtool - Local Buffer Overflow
Solaris 8 mailtool - Local Buffer Overflow
---
// source: https://www.securityfocus.com/bid/2787/info
The mailtool program included with OpenWindows in Solaris, contains a buffer overflow vulnerability which may allow local users to execute arbitrary code/commands with group 'mail' privileges.
The overflow occurs when a string exceeding approximately 1010 characters is given as the OPENWINHOME environment variable.
/*
mailt00l.c, by 51 (June 2001)
Proof of concept code, exploiting the recently discovered buffer overflow
in Solaris 8 /usr/openwin/bin/mailtool, yielding GID mail
(http://packetstorm.securify.com/groups/synnergy/mailtool-adv.txt).
Should work with both x86 and Sparc versions, thx to compilation directives.
As a matter of course, the defaults buffersize and offset may nee
No writeups or analysis indexed.
http://archives.neohapsis.com/archives/bugtraq/2001-07/0565.htmlhttp://www.sambar.com/security.htmhttp://www.securityfocus.com/bid/3092https://exchange.xforce.ibmcloud.com/vulnerabilities/6916http://archives.neohapsis.com/archives/bugtraq/2001-07/0565.htmlhttp://www.sambar.com/security.htmhttp://www.securityfocus.com/bid/3092https://exchange.xforce.ibmcloud.com/vulnerabilities/6916
2001-07-22
Published